fatalrat | 8d43e247412e590f715ead2d3851e1ddf3dd37363dd164bb9b3f5105fc1deffc | Triage

Submit
Reports

Overview

overview

Static

static

3

8d43e24741...fc.exe

windows7-x64

8d43e24741...fc.exe

windows10-2004-x64

Sharing

General

Target

8d43e247412e590f715ead2d3851e1ddf3dd37363dd164bb9b3f5105fc1deffc
Size

3.5MB
Sample

241206-gtfpqstles
MD5

37fed29952baed1e0d1ba278bc887d16
SHA1

eb13c250ccd0694c8126c78281283c40c5b8b5f9
SHA256

8d43e247412e590f715ead2d3851e1ddf3dd37363dd164bb9b3f5105fc1deffc
SHA512

9f66b91505c328167e08af5ac58c717366387fc29f0d536db12f9bfd52d118b06b87ac5968cd259ad8ef9979d3387439deb2b3b6dbf086bf635a09da87ad0a06
SSDEEP

49152:nwNuf+/VB9lCufQZ80lkiS1/KfwKX+i/hfyoZhmLomL3zcavMcc:/fKB9lBwe/Kfw2+i/MomLJkcc

Score

10^/10

fatalrat defense_evasion discovery infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8d43e247412e590f715ead2d3851e1ddf3dd37363dd164bb9b3f5105fc1deffc.exe

Resource

win7-20240708-en

fatalrat defense_evasion discovery infostealer rat

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

8d43e247412e590f715ead2d3851e1ddf3dd37363dd164bb9b3f5105fc1deffc.exe

Resource

win10v2004-20241007-en

fatalrat defense_evasion discovery infostealer rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  8d43e247412e590f715ead2d3851e1ddf3dd37363dd164bb9b3f5105fc1deffc
- Size
  
  3.5MB
- MD5
  
  37fed29952baed1e0d1ba278bc887d16
- SHA1
  
  eb13c250ccd0694c8126c78281283c40c5b8b5f9
- SHA256
  
  8d43e247412e590f715ead2d3851e1ddf3dd37363dd164bb9b3f5105fc1deffc
- SHA512
  
  9f66b91505c328167e08af5ac58c717366387fc29f0d536db12f9bfd52d118b06b87ac5968cd259ad8ef9979d3387439deb2b3b6dbf086bf635a09da87ad0a06
- SSDEEP
  
  49152:nwNuf+/VB9lCufQZ80lkiS1/KfwKX+i/hfyoZhmLomL3zcavMcc:/fKB9lBwe/Kfw2+i/MomLJkcc
Score

10^/10

fatalrat defense_evasion discovery infostealer rat
- FatalRat
  FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
  infostealer rat fatalrat
- Fatalrat family
  fatalrat
- Fatal Rat payload
  rat infostealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fatalratdefense_evasiondiscoveryinfostealerrat

behavioral2

fatalratdefense_evasiondiscoveryinfostealerrat

© 2018-2024

Terms | Privacy